
Alibaba Cloud DNS:How long can DNS records be cached in Private DNS?

Last Updated:Jul 08, 2024

Private DNS consists of four major modules: the built-in authoritative acceleration module, the built-in authoritative regular module, the forward module, and the recursion module. If a Domain Name System (DNS) request initiated by an Elastic Compute Service (ECS) instance or an elastic container instance in a virtual private cloud (VPC) matches a DNS record in the built-in authoritative acceleration module, the DNS record is not cached and is therefore not affected by time to live (TTL) values. This topic describes how the other three modules rewrite the TTL values of cached DNS records, and how they clear and update their caches.

Built-in authoritative regular module and forward module

The built-in authoritative regular module shares the same level-1 cache structure with the forward module. The following figure shows how the level-1 cache structure works.

[Figure: level-1 cache structure shared by the built-in authoritative regular module and the forward module]

Mechanism for rewriting TTL values

Private DNS rewrites the TTL values for caching DNS records returned by the built-in authoritative regular module and the forward module. This section describes the specific mechanism for rewriting TTL values.

In a positive response scenario where a DNS record of a queried domain name is returned for a DNS request:

  • If the TTL value of the returned DNS record is greater than 86,400 seconds, the cache system rewrites the TTL value to 86,400 seconds.

  • If the TTL value of the returned DNS record is less than 10 seconds, the cache system rewrites the TTL value to 10 seconds.

  • If the TTL value of the returned DNS record is within the range of 10 to 86,400 seconds, the cache system uses the TTL value configured at the origin DNS server.

In a negative response scenario where the queried domain name does not exist or the DNS record of the specific type for the domain name does not exist:

  • The cache system rewrites the TTL value of the returned DNS record to 5 seconds.

Logic for caching DNS records: The actual TTL values for caching DNS records are the rewritten TTL values, not the TTL values returned by the origin DNS server.

Mechanism for clearing and updating caches

Private DNS can cache a certain number of DNS records. The cached DNS records are sorted by access frequency. The DNS records with low access frequency are cleared from the cache. Therefore, the mechanisms for clearing and updating cached DNS records are affected by whether the TTL expires and whether the cache queue is full.

The cache queue is not full

  • DNS records are retained in the cache before the TTL expires. In this case, the cached DNS records are returned for DNS requests initiated by clients, but the DNS records modified at origin DNS servers are not returned.

  • DNS records are retained in the cache after the TTL expires. In this case, the DNS requests initiated by clients are sent to origin DNS servers. The returned DNS records, including positive responses and negative responses, update the cached DNS records. If SERVFAIL is returned or the responses time out, the DNS records before the update are returned to clients.

The cache queue is full

  • DNS records are retained in the cache before the TTL expires. In this case, the cached DNS records that include positive responses and negative responses are returned for DNS requests initiated by clients, but the DNS records modified at origin DNS servers are not returned.

  • DNS records are cleared from the cache after the TTL expires. In this case, the DNS requests initiated by clients are sent to origin DNS servers. The returned DNS records, including positive responses and negative responses, are cached. If SERVFAIL is returned or the responses time out, no DNS record is returned to clients.

Recursion module

Private DNS uses the recursion module to provide the public recursive DNS resolution service for clients and cloud services in VPCs. The recursion module uses the level-2 cache structure. The following figure shows how the level-2 cache structure works.

[Figure: level-2 cache structure used by the recursion module]

Mechanism for rewriting TTL values

1. Cache module

In a positive response scenario where a DNS record of a queried domain name is returned for a DNS request:

  • The cache system rewrites the TTL value of the returned DNS record to 10 seconds.

In a negative response scenario where the queried domain name does not exist or the DNS record of the specific type for the domain name does not exist:

  • The cache system rewrites the TTL value of the returned DNS record to 5 seconds.

Logic for caching DNS records: The actual TTL values for caching DNS records are the rewritten TTL values, not the TTL values returned by the origin DNS server.

2. Recursion module

The TTL values for caching DNS records in the level-2 cache structure used by the recursion module are not rewritten. They are the TTL values configured in Public Authoritative DNS. This applies to both positive and negative responses.

Logic for caching DNS records: The actual TTL values for caching DNS records are the unrewritten TTL values returned by Public Authoritative DNS.

Mechanisms for clearing and updating caches

1. Cache module

The cache queue is not full

  • DNS records are retained in the cache before the TTL expires. In this case, the cached DNS records are returned for DNS requests initiated by clients, but the DNS records modified at origin DNS servers are not returned.

  • DNS records are retained in the cache after the TTL expires. In this case, the DNS requests initiated by clients are sent to origin DNS servers. The returned DNS records, including positive responses and negative responses, update the cached DNS records. If SERVFAIL is returned or the responses time out, the DNS records before the update are returned to clients.

The cache queue is full

  • DNS records are retained in the cache before the TTL expires. In this case, the cached DNS records that include positive responses and negative responses are returned for DNS requests initiated by clients, but the DNS records modified at origin DNS servers are not returned.

  • DNS records are cleared from the cache after the TTL expires. In this case, the DNS requests initiated by clients are sent to origin DNS servers. The returned DNS records, including positive responses and negative responses, are cached. If SERVFAIL is returned or the responses time out, no DNS record is returned to clients.

2. Recursion module

The cache queue is not full

  • DNS records are retained in the cache before the TTL expires. In this case, the cached DNS records are returned for DNS requests initiated by clients, but the DNS records modified at origin DNS servers are not returned.

  • DNS records are retained in the cache after the TTL expires. In this case, the DNS requests initiated by clients are sent to origin DNS servers. The returned DNS records, including positive responses and negative responses, update the cached DNS records. If SERVFAIL is returned or the responses time out, the DNS records before the update are returned to clients.

The cache queue is full

  • DNS records are retained in the cache before the TTL expires. In this case, the cached DNS records that include positive responses and negative responses are returned for DNS requests initiated by clients, but the DNS records modified at origin DNS servers are not returned.

  • DNS records are cleared from the cache after the TTL expires. In this case, the DNS requests initiated by clients are sent to origin DNS servers. The returned DNS records, including positive responses and negative responses, are cached. If SERVFAIL is returned or the responses time out, no DNS record is returned to clients.
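The TTL rewriting rules and the cache clearing and updating rules described above, for all three caching modules, modelled as an added Python example; this is not Alibaba Cloud code. The module labels, the Cache class and the resolve callback signature are assumptions made here, while the TTL constants are the values stated on this page.

```python
import time
from typing import Callable, Optional, Tuple

# Added example, not Private DNS code. Module labels are assumptions:
# "builtin_regular", "forward", "recursion_cache" (cache module of the
# recursion module) and "recursion" (its level-2 recursive cache).
POSITIVE_TTL_MIN, POSITIVE_TTL_MAX = 10, 86_400   # clamp for built-in regular / forward
NEGATIVE_TTL, RECURSION_CACHE_TTL = 5, 10         # NXDOMAIN or NODATA; recursion cache module

def rewrite_ttl(module: str, origin_ttl: int, negative: bool = False) -> int:
    """TTL a record is actually cached with in the given module."""
    if module == "recursion":                 # level-2 recursive cache keeps the origin TTL
        return origin_ttl
    if negative:                              # negative responses in every rewriting module
        return NEGATIVE_TTL
    if module == "recursion_cache":           # positive responses are fixed to 10 s
        return RECURSION_CACHE_TTL
    return min(max(origin_ttl, POSITIVE_TTL_MIN), POSITIVE_TTL_MAX)

# resolve(name) returns (answer, origin_ttl, negative), or None for SERVFAIL / timeout
Upstream = Optional[Tuple[str, int, bool]]

class Cache:
    """Bounded cache; whether it is full selects serve-stale or clearing behaviour."""
    def __init__(self, module: str, capacity: int, resolve: Callable[[str], Upstream],
                 now: Callable[[], float] = time.monotonic):
        self.module, self.capacity, self.resolve, self.now = module, capacity, resolve, now
        self.entries = {}   # name -> [answer, expires_at, access_count]

    def lookup(self, name: str) -> Optional[str]:
        ent = self.entries.get(name)
        if ent and ent[1] > self.now():       # unexpired: served from cache, origin changes unseen
            ent[2] += 1
            return ent[0]
        full = len(self.entries) >= self.capacity
        if ent and full:                      # full queue: the expired record is cleared
            del self.entries[name]
        upstream = self.resolve(name)
        if upstream is None:                  # SERVFAIL or timeout
            return ent[0] if (ent and not full) else None   # stale answer only when not full
        answer, origin_ttl, negative = upstream
        if name not in self.entries and len(self.entries) >= self.capacity:
            victim = min(self.entries, key=lambda n: self.entries[n][2])  # lowest access frequency
            del self.entries[victim]
        ttl = rewrite_ttl(self.module, origin_ttl, negative)
        self.entries[name] = [answer, self.now() + ttl, 1]   # positive and negative both cached
        return answer
```

Driving the Cache with a fake clock and a resolver that starts returning None shows the two failure modes side by side: a stale answer when the queue is not full, and no answer at all when it is.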